Why don't the emails that I send through Amazon SES get delivered?

Resolution

The following are common reasons why emails that you send from Amazon SES don't deliver to the recipients.

There's a template Rendering Failure

If the emails that you send with the SendTemplatedEmail API operation contain incorrect template data, then you can get a Rendering Failure. To identify this type of failure, set up Rendering Failure event notifications through Amazon Simple Notification Service (Amazon SNS).

Your account is in the Amazon SES sandbox

When your account is in the Amazon SES sandbox, you can send emails only to verified email addresses or to the mailbox simulator. If your account is in the sandbox, then confirm that you're sending emails to verified email addresses. You can also request to have your account moved out of the Amazon SES sandbox.

There's an issue with the email recipient's email address

Your emails might not be delivered because there's an issue with the recipient's email address that results in a bounce. Depending on the error that the recipient's mail server invokes, emails can bounce for multiple reasons.

Also, emails might not be delivered because the recipient's email address is either on your Amazon SES account-level suppression list or the global suppression list. To remove an email address from your account's suppression list, see Removing individual email addresses from your Amazon SES account-level suppression list.

You can no longer request email address removal from the global suppression list. For more information, see Amazon SES global suppression list.

To troubleshoot additional reasons for email bounces, see How can I handle a high bounce rate with emails that I send using Amazon SES?

There's an issue with the email recipient's server

To determine if an issue with the email recipient's server prevents your emails from delivery, configure Amazon SNS notifications. In the Amazon SNS notifications, review the smtpResponse that Amazon SES returns. For more information about the details that are included in the Amazon SNS notifications, see Amazon SNS notification contents for Amazon SES.

If you receive an SMTP 250 OK response from the recipient SMTP server, then Amazon SES successfully sent the message to that mail server. However, the SMTP 250 OK response doesn't guarantee that the message is delivered to the receiving email address. After Amazon SES delivers the message to the recipient's server, the recipient's server policies determine whether the email is accepted, rejected, or classified.

Also, the recipient's server might experience an issue, and the email doesn't get stored in the receiver's mailbox.

Your email is getting labeled as spam

Recipient email servers can filter your emails as spam for several reasons. There might be an email authentication failure or issues with email content quality or sender reputation. For more information, see Why are the emails that I send using Amazon SES getting marked as spam?

There's a sending delay

There might be a delay to send your email. For more information, see Three places where your email could get delayed when sending through Amazon SES. You can use event publishing to monitor delays that happen when Amazon SES tries to deliver email to the recipient's internet service provider (ISP).

There's an ongoing issue with Amazon SES

Review the AWS Health Dashboard for issues with Amazon SES that might prevent the successful delivery of your email.

Your client uses TLS versions earlier than 1.2 to send SMTP email

Your client might use a TLS version that's earlier than 1.2, such as TLS 1.0 or 1.1. In this case, SES doesn't accept your emails and you see one of the following error messages:

HTTP

"Amazon SES no longer supports TLS 1.0 and TLS 1.1 connections. You must update your client to use TLS version 1.2 or above. To learn more and to update your client, see https://go.aws/3AUlVSb. For further assistance, contact AWS support"

SMTP

"Access denied: Amazon SES no longer supports TLS 1.0 and TLS 1.1 connections. You must update your client to use TLS version 1.2 or above. To learn more and to update your client, see https://go.aws/3AUlVSb. For further assistance, contact AWS support"

To find the SMTP clients that use deprecated TLS versions, see How do I find the SMTP clients using deprecated TLS versions? If you configured event publishing, then you can identify the TLS version in the event data for emails that you sent. For more information, see How event publishing works.